CVE-2020-8828
Published: Apr 8, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege escalation, as Argo has privileged roles. A malicious insider is the most realistic threat, but pod names are not meant to be kept secret and could wind up just about anywhere.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://github.com/argoproj/argo/releases
x_refsource_MISC
https://www.soluble.ai/blog/argo-cves-2020
x_refsource_MISC
https://argoproj.github.io/argo-cd/security_considerations/
x_refsource_MISC